1 { lib, pkgs, config, ... }:
2 let
# Shorthands for the two attribute sets the per-application files draw from.
webapps = pkgs.webapps;
toolsEnv = config.myEnv.tools;

# One bundle per hosted tool. Each ./<tool>.nix is called with the packaged
# web application (when there is one) and, for most tools, its `env` entry
# from config.myEnv.tools.
adminer = pkgs.callPackage ./adminer.nix {
  adminer = webapps.adminer;
};
ympd = pkgs.callPackage ./ympd.nix {
  env = toolsEnv.ympd;
};
ttrss = pkgs.callPackage ./ttrss.nix {
  ttrss = webapps.ttrss;
  ttrss-plugins = webapps.ttrss-plugins;
  env = toolsEnv.ttrss;
};
kanboard = pkgs.callPackage ./kanboard.nix {
  env = toolsEnv.kanboard;
};
wallabag = pkgs.callPackage ./wallabag.nix {
  wallabag = webapps.wallabag;
  env = toolsEnv.wallabag;
};
yourls = pkgs.callPackage ./yourls.nix {
  yourls = webapps.yourls;
  yourls-plugins = webapps.yourls-plugins;
  env = toolsEnv.yourls;
};
rompr = pkgs.callPackage ./rompr.nix {
  rompr = webapps.rompr;
  env = toolsEnv.rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
  env = toolsEnv.shaarli;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  dokuwiki = webapps.dokuwiki;
  dokuwiki-plugins = webapps.dokuwiki-plugins;
};
ldap = pkgs.callPackage ./ldap.nix {
  phpldapadmin = webapps.phpldapadmin;
  env = toolsEnv.phpldapadmin;
};
grocy = pkgs.callPackage ./grocy.nix {
  grocy = webapps.grocy;
};
phpbb =
  let
    # French language pack first, then the extension set.
    localized = webapps.phpbb.withLangs (langs: [ langs.fr ]);
  in pkgs.callPackage ./phpbb.nix {
    phpbb = localized.withExts (exts: [
      exts.alfredoramos.markdown
      exts.davidiq.mailinglist
      exts.dmzx.mchat
      exts.empteintesduweb.monitoranswers
      exts.lr94.autosubscribe
      exts.phpbbmodders.adduser
    ]);
  };
webhooks = pkgs.callPackage ./webhooks.nix {
  env = toolsEnv.webhooks;
};
dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  env = toolsEnv.dmarc_reports;
};

# Static landing page; used as the document root of the tools vhost.
landing = pkgs.callPackage ./landing.nix {};

# cfg: this module's own options. pcfg: the PHP-FPM pools, read back to get
# each pool's socket path for the Apache handlers.
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
58 in {
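# Module switch: the whole `config` section of this file is wrapped in
# lib.mkIf on this option.
options.myServices.websites.tools.tools = {
  # mkEnableOption prefixes the text with "Whether to enable", so the name is
  # given without a leading "enable" to avoid a doubled word in the
  # generated option description.
  enable = lib.mkEnableOption "tools website";
};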
62
63 config = lib.mkIf cfg.enable {
# Secret files to deploy: the `keys` list of every tool that declares one,
# concatenated in the order given here.
secrets.keys = lib.concatMap (app: app.keys) [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
  dmarc-reports
  webhooks
];
73
# One backup profile per tool that exposes a `backups` attribute; the profile
# name is the tool name.
# NOTE(review): adminer, ldap, yourls, dmarc-reports and webhooks get no
# profile here - confirm they hold no state that needs backing up.
services.duplyBackup.profiles = lib.mapAttrs (_name: app: app.backups) {
  inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag phpbb;
};
84
# Apache modules for the tools environment: proxy_fcgi (used by every PHP
# handler in the vhost) followed by whatever each tool asks for.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
99
# devtools.immae.eu, served from the integration environment with its own
# certificate entry.
#
# The document root lives under /var/lib/ftp and the <Directory> block sets
# "AllowOverride all", so any .htaccess file placed in that tree is honoured,
# and every *.php file in it is executed by the "devtools" PHP-FPM pool.
# NOTE(review): the path suggests the tree is writable over FTP - if so,
# whoever holds those FTP credentials can run PHP as the pool user and change
# per-directory Apache settings. The pool's open_basedir is the only
# confinement visible in this file; confirm that is the intended trust level.
services.websites.env.integration.vhostConfs.devtools = {
  certName = "integration";
  certMainHost = "devtools.immae.eu";
  addToCerts = true;
  hosts = [ "devtools.immae.eu" ];
  root = "/var/lib/ftp/devtools.immae.eu";
  extraConfig = [
    # Ten-minute request and proxy timeouts, then the PHP handler wired to
    # the devtools pool socket.
    ''
      Timeout 600
      ProxyTimeout 600
      <Directory "/var/lib/ftp/devtools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};
121
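# Main vhost for tools.immae.eu: the landing page as document root, one
# configuration fragment per hosted tool, and three static aliases.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy path redirects, then the landing page itself.
    #
    # The /vpn rule appends its capture straight after the target host name.
    # The capture is therefore restricted to "nothing, or something starting
    # with /": with a bare (.*) a request path that continues past the prefix
    # without a slash would land inside the host part of the Location header,
    # i.e. the redirect could be made to point at another host. /vpn and
    # /vpn/... redirect exactly as before. The roundcube rule already has a
    # path component after the host, so its capture cannot alter the host.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-tool fragments. Each one receives the socket of its own PHP-FPM
    # pool, except ympd, which takes none. Access control for the individual
    # tools (adminer and the LDAP admin UI included) is whatever these
    # fragments define; it is not visible in this file.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # Static aliases.
    #  /paste    - /var/lib/fiche, listing disabled, no PHP handler in this
    #              block. NOTE(review): presumably holds user-submitted
    #              pastes, which are then served from the same origin as the
    #              other tools - confirm nothing there is served as HTML.
    #  /BIP39    - buildbot output directory, static files only. Unlike the
    #              other two aliases it does not set "Options -Indexes", so
    #              listing depends on the inherited Options.
    #  /webhooks - a directory inside the secrets location. *.php files are
    #              executed by the "tools" pool; any other file in that
    #              directory is served as-is under "Require all granted".
    #              NOTE(review): confirm only *.php files are ever deployed
    #              there, or deny everything that is not matched by the
    #              FilesMatch block.
    ''
      Alias /paste /var/lib/fiche
      <Directory "/var/lib/fiche">
        DirectoryIndex index.txt index.html
        AllowOverride None
        Require all granted
        Options -Indexes
      </Directory>

      Alias /BIP39 /var/lib/buildbot/outputs/bip39
      <Directory "/var/lib/buildbot/outputs/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.location}/webapps/webhooks
      <Directory "${config.secrets.location}/webapps/webhooks">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};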
184
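# outils.immae.eu: legacy host name with no document root. Every request is
# answered with a permanent redirect, either to the service's current host or,
# through the final catch-all, to the same path on tools.immae.eu.
#
# Rules whose target is a bare host name followed by $1 (mediagoblin, ether,
# nextcloud, owncloud, vpn) use (/.*)? instead of (.*): the capture is glued
# directly onto the host, so it must be empty or begin with "/". With a bare
# (.*) a path continuing past the prefix without a slash would become part of
# the host in the Location header and the redirect could point at another
# host. Paths of that shape now fall through to the catch-all rule instead.
# The remaining rules keep (.*) because their target already contains a path
# after the host; in the caldav.php pattern the unescaped dot matches any
# character, which only loosens the match and does not affect the target host.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};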
216
# Extra unit settings for the PHP-FPM pools, plus two standalone daemons
# (ympd and the Tiny Tiny RSS updater).
systemd.services =
  let
    # Start a pool after the units its application lists in
    # phpFpm.serviceDeps, and pull those units in through Wants=.
    waitFor = app: {
      wants = app.phpFpm.serviceDeps;
      after = lib.mkAfter app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = waitFor dokuwiki;
    phpfpm-phpbb = waitFor phpbb;
    phpfpm-kanboard = waitFor kanboard;
    phpfpm-ldap = waitFor ldap;
    phpfpm-shaarli = waitFor shaarli;
    phpfpm-ttrss = waitFor ttrss;
    # wallabag additionally appends its own preStart snippet.
    phpfpm-wallabag = waitFor wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = waitFor yourls;

    # Web front-end for MPD. The unit sets no User=, and ympd is passed
    # "--user nobody", so it is started by the service manager's default user
    # and asked to switch to nobody itself.
    # The MPD password is read from /var/secrets/mpd into the environment.
    # NOTE(review): `export VAR=$(cmd)` hides the exit status of `cmd`, so a
    # missing or unreadable secret file yields an empty password rather than
    # a failed start - confirm that is the intended behaviour.
    ympd = {
      wantedBy = [ "multi-user.target" ];
      description = "Standalone MPD Web GUI written in C";
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed update daemon, run as wwwrun (the same user as the PHP-FPM pools)
    # once the network and PostgreSQL are up.
    # NOTE(review): PermissionsStartOnly only affects the pre/post start
    # commands and this unit defines none here - it looks like a leftover.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];

      serviceConfig = {
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        User = "wwwrun";
        PermissionsStartOnly = true;
        StandardOutput = "syslog";
        StandardError = "syslog";
      };
    };
  };
274
# Restart ympd whenever the MPD password file changes; the unit's start
# script reads that file only once, at start-up.
services.filesWatcher.ympd = {
  paths = [ "/var/secrets/mpd" ];
  restart = true;
};
279
# PHP-FPM pools, one per tool plus the generic "tools" and "devtools" pools.
#
# Every pool defined here runs as wwwrun:wwwrun, so the pools are not
# separated from each other at the Unix-user level. What keeps one
# application's PHP code away from another's files is the per-pool
# open_basedir. It is set explicitly for tools and devtools below; for the
# other pools it would have to come from the settings supplied by the
# per-tool files, which are not visible here.
services.phpfpm.pools =
  let
    # Pool skeleton: fixed wwwrun identity, everything else from `pool`.
    asWwwrun = pool: { user = "wwwrun"; group = "wwwrun"; } // pool;

    # Socket ownership and process-manager sizing shared by the two generic
    # pools.
    genericSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };
  in {
    # Serves the landing page and the /webhooks scripts.
    tools = asWwwrun {
      settings = genericSettings // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        # php_admin_value cannot be overridden from PHP code. /tmp is shared
        # with the devtools pool.
        "php_admin_value[open_basedir]" =
          "/run/wrappers/bin/sendmail:${landing}:/tmp:${config.secrets.location}/webapps/webhooks";
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
    };

    # Executes whatever PHP sits under /var/lib/ftp/devtools.immae.eu, with
    # the mysqli, redis, apcu and opcache extensions loaded.
    devtools = asWwwrun {
      settings = genericSettings // {
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail"
          "/var/lib/ftp/devtools.immae.eu"
          "/tmp"
        ];
      };
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.php}/lib/php/extensions/mysqli.so
        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
      '';
    };

    # adminer brings its complete pool definition, user and group included.
    adminer = adminer.phpFpm;

    ttrss = asWwwrun { settings = ttrss.phpFpm.pool; };
    wallabag = asWwwrun { settings = wallabag.phpFpm.pool; };
    yourls = asWwwrun { settings = yourls.phpFpm.pool; };
    rompr = asWwwrun { settings = rompr.phpFpm.pool; };
    shaarli = asWwwrun { settings = shaarli.phpFpm.pool; };

    dmarc-reports = asWwwrun {
      settings = dmarc-reports.phpFpm.pool;
      phpEnv = dmarc-reports.phpFpm.phpEnv;
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.php}/lib/php/extensions/mysqli.so
      '';
    };

    dokuwiki = asWwwrun { settings = dokuwiki.phpFpm.pool; };
    phpbb = asWwwrun { settings = phpbb.phpFpm.pool; };

    # The LDAP admin UI is pinned to PHP 7.2, a branch that no longer
    # receives upstream security fixes.
    # NOTE(review): this is the interpreter behind a web-facing directory
    # administration tool - check whether the packaged phpldapadmin still
    # requires it.
    ldap = asWwwrun {
      settings = ldap.phpFpm.pool;
      phpPackage = pkgs.php72;
    };

    kanboard = asWwwrun { settings = kanboard.phpFpm.pool; };
    grocy = asWwwrun { settings = grocy.phpFpm.pool; };
  };
387
# Register each tool's activation script under the tool's own name. The
# scripts themselves are defined in the per-tool files.
system.activationScripts = lib.mapAttrs (_name: app: app.activationScript) {
  inherit adminer grocy ttrss wallabag yourls rompr shaarli dokuwiki phpbb kanboard ldap;
};
401
# Maps a webapp name to the directory holding that application's files.
# Apart from the fixed "_adminer" entry, the names are taken from each tool's
# apache.webappName. The keys are written as dynamic attribute names, so two
# tools resolving to the same name fail evaluation instead of silently
# overriding one another.
services.websites.webappDirs = {
  _adminer = adminer.webRoot;
  "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
  "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
  "${phpbb.apache.webappName}" = phpbb.webRoot;
  # Only the htdocs subdirectory of the LDAP admin UI is exposed.
  "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
  "${rompr.apache.webappName}" = rompr.webRoot;
  "${shaarli.apache.webappName}" = shaarli.webRoot;
  "${ttrss.apache.webappName}" = ttrss.webRoot;
  "${wallabag.apache.webappName}" = wallabag.webRoot;
  "${yourls.apache.webappName}" = yourls.webRoot;
  "${kanboard.apache.webappName}" = kanboard.webRoot;
  "${grocy.apache.webappName}" = grocy.webRoot;
};
416
# Secret files whose modification should be noticed by running services: the
# shaarli secret is watched at the web-server environment level, the wallabag
# secret restarts that tool's PHP-FPM pool.
# NOTE(review): these paths are hard-coded under /var/secrets while the
# vhost and pool definitions use config.secrets.location - confirm both
# point at the same directory.
services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-shaarli" ];
services.filesWatcher.phpfpm-wallabag = {
  paths = [ "/var/secrets/webapps/tools-wallabag" ];
  restart = true;
};
424
# fiche paste service, listening on the port reserved for it in
# config.myEnv.ports and advertising paste links under
# https://tools.immae.eu/paste.
# NOTE(review): the port accepts input from whoever can reach it and the
# result is published through the web server - confirm the port is filtered
# or the exposure is intended.
services.fiche = {
  enable = true;
  https = true;
  domain = "tools.immae.eu/paste";
  port = config.myEnv.ports.fiche;
};
431 };
432 }
433